Daf, at the crossroads of business risks

“Today, risks are considered separately. Each business manages its risks with its own methods and its own data (fire risks, financial risks, etc.), explains Sébastien Delmotte, Educational Manager of Global Risk Management Training at CentraleSupélec Exed School. Nonetheless, the daf, due to the transversality of its function, can see all its objectives impacted by all the risks of the business.

Daf at the crossroads of business risks

It is about asking which risks are the most important, in order to prioritize them and allocate the necessary resources. “We have to ask ourselves which risks are acceptable or not, particularly in terms of economic losses. For this, CFOs must issue strategic objectives and their requirements to guide the risk management policy of risk managers”. emphasizes Vincent Desroches, also head of education.

However, it is not a matter of generalizing these risks with standardized lists, insofar as, “where each company (depending on its size, sector, environment,…) has its own different risks and objectives”, insists Sébastien Delmotte. All these risks must be taken into account by Daf within a global mapping of the company’s risksbut they must be analyzed and prioritized in light of the company’s strategic objectives and context (political, environmental, social…), as their criticality varies from one company to another, from one country to another and from one period to another .

26 generic risk categories

It exists 26 generic categories of business risks and threats : external to the company (environments, politics, insecurity, media, customers), internal linked to governance (commercial, legal, communication, human resources, strategy, ethics, etc.), internal linked to technical resources (infrastructure and buildings, materials and equipment) and internal related to production (studies and projects, human factor, physical-chemical, professional, operational, etc.).

However, we can cite the current (unclassified) critical risks:

International political instabilitiessuch as Brexit, the war in Ukraine, the economic war between China and the United States that ends in economic sanctions, or national ones such as social conflicts that can lead to changes in leadership at different levels of the country (example recent attempt at independence in Spain)… These instabilities can create currency crises, failures in the supply chain, tax increases, the complexity of contractual relations, the need to change headquarters and factories…;

Regulatory complexity and rapid regulatory change on products and substances: not all countries have the same regulations in terms of food additives, use of plant protection products, safety… come on;

forced scan, with a massive impact of digital companies in the modes of consumption, sale, work, influence, marketing, production… Traditional companies have no alternative but to accompany this digital transformation that is accompanied by cultural and technological upheavals. But it’s not just about starting a digital transformation, it must be successful (controlled in particular from a financial point of view). We see many cases where this transformation comes at a disproportionate cost because it is poorly supported in terms of project risk management impacting performance, cost, and schedule.”, emphasizes Sébastien Delmotte.

The increasing pace of technological advances which is accompanied by financial bubbles that can destabilize markets. Internet, Artificial Intelligence, NewSpace, quantum computer, new energies, connected health, biotechnologies… Each new advance is accompanied by high expectations of gain, but also by frauds and scams more or less on a large scale;

cyber security which has a very high cost for companies in terms of: losses linked to attacks; costs related to remediation after attacks; economic losses related to the loss of customers after attacks; protection and prevention against attacks; insurance costs that now include cyber risks

the economic war including destabilization actions by competitors (companies, countries) make DAF prime targets for corruption, extortion or blackmail, data theft.

However, this awareness of risk exposure does not seem self-evident. Why risk management is not an identifiable benefit to the company. “Even if it doesn’t bring anything, it prevents you from losing. Take the case of Ferrero, how much will it cost in terms of lost sales related to the health scandal or in advertising to restore his image.”says Sébastien Delmotte.

A good temporality of risk management

A good temporality of risk management takes place in 3 steps. Rather: it’s about anticipating, being creative, but also imaginative and forward-looking. “You need a capacity for anticipation and decision making with a so-called army approach. OODA (to Observe, Guide, Decide, Act). You need to be able to simulate scenarios to drive the strategy accordingly,” he said. explains Vincent Desroches. During: It’s about knowing how to react and what decisions to make. Finally, afterward, we must learn the lessons and find out what worked and what didn’t. At each step, risk management must know what attitude to take. “You have to know your strengths and weaknesses and know how to show agility”, says Sébastien Delmotte.

There is also talk of risk appetite, which must be supported by managers and the Comex. It’s also about soft skills. “A good risk manager must know how to question and doubt. Because thethe first enemy of risk management is certainty », emphasizes Vincent Desroches. But at the same time, without a doubt, the good risk manager must also provide confidence.

Leave a Comment